1. Field of the Invention
The present invention relates generally to methods and apparatuses for secure communication between mobile devices, and more particularly, to methods and apparatuses for secure communication between mobile devices, in which authentication information is exchanged between mobile devices, and a secure channel is established according to a user's choice and an evaluated security level.
2. Description of the Related Art
A mobile device may securely transmit data to another mobile device using previously distributed authentication information. Such previously distributed authentication information may include a public key of a peer device to communicate with the mobile device. This authentication information may be easily distributed if the devices are geographically adjacent to each other.
For example, a mobile device may exchange authentication information with another mobile device via a near field communication medium and check whether the authentication information has been exchanged accurately. Alternatively, for example, a mobile device may exchange authentication information with another mobile device using a storage medium (e.g., memory card) in which the authentication information is stored.
In the two above-described examples, a user of the mobile device may be guaranteed integrity of the exchanged authentication information, to some extent, due to the geographical adjacency, and therefore, the mobile device may establish a secure communication channel with another mobile device using the exchanged authentication information.
However, if authentication information is distributed remotely, an attack on the security of the communication channel may occur.
More specifically, an attacker may intercept between devices that are communicating with each other and change authentication information being exchanged between the devices to authentication information of the attacker, in order for the attacker to eavesdrop on or change contents of the communication. This type of attack is known as a “man in the middle” attack.
Therefore, there is a need for a method of establishing a secure communication channel in which authentication information is securely distributed between remote mobile devices.